FOREWORD

1. The NSTISSC Glossary Working Group recently convened to review terms submitted by the NSTISSC membership since the Glossary was last published in 1999. This edition incorporates those terms.

2. We recognize that, to remain useful, a glossary must be in a continuous state of coordination, and we encourage your review and welcome your comments. The goal of the Glossary Working Group is to keep pace with changes in information systems security terminology and meet regularly to consider comments.

3. The Working Group would like your help in keeping up to date as new terms come into being and old terms fall into disuse or change meaning. Some terms from the previous version were deleted, others updated or added, and some are identified as candidates for deletion (C.F.D.). If a term you still find valuable and need in your environment has been deleted, please resubmit the term with a definition based on the following criteria: (a) specific relevance to the security of information systems; (b) economy of words; (c) accuracy; and (d) clarity. Use these same criteria to recommend any changes to existing definitions or suggest new terms. In all cases, send your suggestions to the NSTISSC Secretariat via mail or fax (410) 854-6814.

4. Representatives of the NSTISSC may obtain additional copies of this instruction at the address listed below.

MICHAEL V. HAYDEN
Lieutenant General, USAF

NSTISSC Secretariat (142), National Security Agency, 9800 Savage Road STE 6716, Ft Meade MD 20755-6716
(410) 854-6805, FAX: (410) 854-6814
nstissc@radium.ncsc.mil


UNCLASSIFIED 


SECTION 


TERMS AND DEFINITIONS

A

A1
Highest level of trust defined in the Orange Book (Department of Defense Trusted Computer System Evaluation Criteria, DoD 5200.28-STD).

access
Opportunity to make use of an information system (IS) resource.

access control
Limiting access to information system resources only to authorized users, programs, processes, or other systems.

access control list (ACL)
Mechanism implementing discretionary and/or mandatory access control between subjects and objects.

access control mechanism
Security safeguard designed to detect and deny unauthorized access and permit authorized access in an IS.

access control officer (ACO)
Designated individual responsible for limiting access to information systems resources.

access level
Hierarchical portion of the security level used to identify the sensitivity of IS data and the clearance or authorization of users. Access level, in conjunction with the nonhierarchical categories, forms the sensitivity label of an object. See category.

access list
(IS) Compilation of users, programs, or processes and the access levels and types to which each is authorized.
(COMSEC) Roster of persons authorized admittance to a controlled area.

access period
Segment of time, generally expressed in days or weeks, during which access rights prevail.

access profile
Associates each user with a list of protected objects the user may access.

access type
Privilege to perform action on an object. Read, write, execute, append, modify, delete, and create are examples of access types.

accountability
(IS) Process of tracing IS activities to a responsible source.
(COMSEC) Principle that an individual is entrusted to safeguard and control equipment, keying material, and information and is answerable to proper authority for the loss or misuse of that equipment or information.

accounting legend code (ALC)
Numeric code used to indicate the minimum accounting controls required for items of accountable COMSEC material within the COMSEC Material Control System.

accounting number
Number assigned to an item of COMSEC material to facilitate its control.

accreditation
Formal declaration by a Designated Approving Authority (DAA) that an IS is approved to operate in a particular security mode at an acceptable level of risk, based on the implementation of an approved set of technical, managerial, and procedural safeguards.

accreditation package
Product comprised of a System Security Plan (SSP) and a report documenting the basis for the accreditation decision.

accrediting authority
Synonymous with Designated Approving Authority (DAA).

add-on security
Incorporation of new hardware, software, or firmware safeguards in an operational IS.

advisory
Notification of significant new trends or developments regarding the threat to the IS of an organization. This notification may include analytical insights into trends, intentions, technologies, or tactics of an adversary targeting ISs.


alert
Notification that a specific attack has been directed at the IS of an organization.

alternate COMSEC custodian
Person designated by proper authority to perform the duties of the COMSEC custodian during the temporary absence of the COMSEC custodian.

anti-jam
Measures ensuring that transmitted information can be received despite deliberate jamming attempts.

anti-spoof
Measures preventing an opponent’s participation in an IS.

assembly
Group of parts, elements, subassemblies, or circuits that are removable items of COMSEC equipment.

assurance
See information assurance.

attack
Type of incident involving the intentional act of attempting to bypass one or more security controls (see Information Assurance) of an IS.

attention character
In Trusted Computing Base (TCB) design, a character entered from a terminal that tells the TCB the user wants a secure communications path from the terminal to some trusted code to provide a secure service for the user.

audit
Independent review and examination of records and activities to assess the adequacy of system controls, to ensure compliance with established policies and operational procedures, and to recommend necessary changes in controls, policies, or procedures.

audit trail
Chronological record of system activities to enable the reconstruction and examination of the sequence of events and/or changes in an event. Audit trail may apply to information in an IS, to message routing in a communications system, or to the transfer of COMSEC material.

authenticate
To verify the identity of a user, user device, or other entity, or the integrity of data stored, transmitted, or otherwise exposed to unauthorized modification in an IS, or to establish the validity of a transmission.

authentication
Security measure designed to establish the validity of a transmission, message, or originator, or a means of verifying an individual’s authorization to receive specific categories of information.

authentication system
Cryptosystem or process used for authentication.

authenticator
Means used to confirm the identity of a station, originator, or individual.

authorization
Access privileges granted to a user, program, or process.

authorized vendor
Manufacturer of INFOSEC equipment authorized to produce quantities in excess of contractual requirements for direct sale to eligible buyers. Eligible buyers are typically U.S. Government organizations or U.S. Government contractors.

authorized vendor program (AVP)
Program in which a vendor, producing an INFOSEC product under contract to NSA, is authorized to produce that product in numbers exceeding the contracted requirements for direct marketing and sale to eligible buyers. Eligible buyers are typically U.S. Government organizations or U.S. Government contractors. Products approved for marketing and sale through the AVP are placed on the Endorsed Cryptographic Products List (ECPL).

automated security monitoring
Use of automated procedures to ensure security controls are not circumvented or the use of these tools to track actions taken by subjects suspected of misusing the IS.

automatic remote rekeying
Procedure to rekey a distant crypto-equipment electronically without specific actions by the receiving terminal operator.

availability
Timely, reliable access to data and information services for authorized users.

B

back door
Hidden software or hardware mechanism used to circumvent security controls. Synonymous with trap door.

backup
Copy of files and programs made to facilitate recovery, if necessary.

banner
Display on an IS that sets parameters for system or data use.

Bell-La Padula security model
Formal-state transition model of a computer security policy that describes a formal set of access controls based on information sensitivity and subject authorizations. See star (*) property and simple security property.

benign
Condition of cryptographic data that cannot be compromised by human access.

benign environment
Nonhostile environment that may be protected from external hostile elements by physical, personnel, and procedural security countermeasures.

beyond A1
Level of trust defined by the DoD Trusted Computer System Evaluation Criteria (TCSEC) to be beyond the state-of-the-art technology. It includes all the A1-level features plus additional ones not required at the A1-level.

binding
Process of associating a specific communications terminal with a specific cryptographic key or associating two related elements of information.

biometrics
Automated methods of authenticating or verifying an individual based upon a physical or behavioral characteristic.

bit error rate
Ratio between the number of bits incorrectly received and the total number of bits transmitted in a telecommunications system.

BLACK
Designation applied to information systems, and to associated areas, circuits, components, and equipment, in which national security information is encrypted or is not processed.

boundary
Software, hardware, or physical barrier that limits access to a system or part of a system.

brevity list
List containing words and phrases used to shorten messages.

browsing
Act of searching through IS storage to locate or acquire information, without necessarily knowing the existence or format of information being sought.

bulk encryption
Simultaneous encryption of all channels of a multichannel telecommunications link.

C

call back
Procedure for identifying and authenticating a remote IS terminal, whereby the host system disconnects the terminal and reestablishes contact. Synonymous with dial back.

canister
Type of protective package used to contain and dispense key in punched or printed tape form.

capability
Protected identifier that both identifies the object and specifies the access rights to be allowed to the subject who possesses the capability. In a capability-based system, access to protected objects such as files is granted if the would-be subject possesses a capability for the object.

cascading
Downward flow of information through a range of security levels greater than the accreditation range of a system network or component.

category
Restrictive label applied to classified or unclassified information to limit access.

CCI assembly
Device embodying a cryptographic logic or other COMSEC design that NSA has approved as a Controlled Cryptographic Item (CCI). It performs the entire COMSEC function, but depends upon the host equipment to operate.

CCI component
Part of a Controlled Cryptographic Item (CCI) that does not perform the entire COMSEC function but depends upon the host equipment, or assembly, to complete and operate the COMSEC function.

CCI equipment
Telecommunications or information handling equipment that embodies a Controlled Cryptographic Item (CCI) component or CCI assembly and performs the entire COMSEC function without dependence on host equipment to operate.

central office of record (COR)
Office of a federal department or agency that keeps records of accountable COMSEC material held by elements subject to its oversight.

certificate
Record holding security information about an IS user and vouches to the truth and accuracy of the information it contains.

certificate management
Process whereby certificates (as defined above) are generated, stored, protected, transferred, loaded, used, and destroyed.

certificate revocation list (CRL)
List of invalid certificates (as defined above) that have been revoked by the issuer.

certification
Comprehensive evaluation of the technical and nontechnical security safeguards of an IS to support the accreditation process that establishes the extent to which a particular design and implementation meets a set of specified security requirements.

certification authority (CA)
Third level of the Public Key Infrastructure (PKI) Certification Management Authority responsible for issuing and revoking user certificates, and exacting compliance to the PKI policy as defined by the parent Policy Creation Authority (PCA).

certification authority workstation (CAW)
Commercial-off-the-shelf (COTS) workstation with a trusted operating system and special purpose application software that is used to issue certificates.

certification package
Product of the certification effort documenting the detailed results of the certification activities.

certification test and evaluation (CT&E)
Software and hardware security tests conducted during development of an IS.

certified TEMPEST technical authority (CTTA)
An experienced, technically qualified U.S. Government employee who has met established certification requirements in accordance with NSTISSC-approved criteria and has been appointed by a U.S. Government Department or Agency to fulfill CTTA responsibilities.

certifier
Individual responsible for making a technical judgment of the system’s compliance with stated requirements, identifying and assessing the risks associated with operating the system, coordinating the certification activities, and consolidating the final certification and accreditation packages.

challenge and reply authentication
Prearranged procedure in which a subject requests authentication of another and the latter establishes validity with a correct reply.

checksum
Value computed on data to detect error or manipulation during transmission. See hash total.

check word
Cipher text generated by cryptographic logic to detect failures in cryptography.

cipher
Any cryptographic system in which arbitrary symbols or groups of symbols, represent units of plain text, or in which units of plain text are rearranged, or both.

cipher text
Enciphered information.

cipher text auto-key (CTAK)
Cryptographic logic that uses previous cipher text to generate a key stream.

ciphony
Process of enciphering audio information, resulting in encrypted speech.

classified information
Information that has been determined pursuant to Executive Order 12958 or any predecessor Order, or by the Atomic Energy Act of 1954, as amended, to require protection against unauthorized disclosure and is marked to indicate its classified status.

clearing
Removal of data from an IS, its storage devices, and other peripheral devices with storage capacity, in such a way that the data may not be reconstructed using common system capabilities (i.e., keyboard strokes); however, the data may be reconstructed using laboratory methods. Cleared media may be reused at the same classification level or at a higher level. Overwriting is one method of clearing.

closed security environment
Environment providing sufficient assurance that applications and equipment are protected against the introduction of malicious logic during an IS life cycle. Closed security is based upon a system’s developers, operators, and maintenance personnel having sufficient clearances, authorization, and configuration control.

code
(COMSEC) System of communication in which arbitrary groups of letters, numbers, or symbols represent units of plain text of varying length.

code book
Document containing plain text and code equivalents in a systematic arrangement, or a technique of machine encryption using a word substitution technique.

code group
Group of letters, numbers, or both in a code system used to represent a plain text word, phrase, or sentence.

code vocabulary
Set of plain text words, numerals, phrases, or sentences for which code equivalents are assigned in a code system.

cold start
Procedure for initially keying crypto-equipment.

command authority
Individual responsible for the appointment of user representatives for a department, agency, or organization and their key ordering privileges.

Commercial COMSEC Endorsement Program (CCEP)
Relationship between NSA and industry in which NSA provides the COMSEC expertise (i.e., standards, algorithms, evaluations, and guidance) and industry provides design, development, and production capabilities to produce a type 1 or type 2 product. Products developed under the CCEP may include modules, subsystems, equipment, systems, and ancillary devices.

common criteria
Provides a comprehensive, rigorous method for specifying security function and assurance requirements for products and systems. (Information Technology Security Evaluation Criteria [ITSEC])

common fill device
One of a family of devices developed to read-in, transfer, or store key.

communications cover
Concealing or altering of characteristic communications patterns to hide information that could be of value to an adversary.

communications deception
Deliberate transmission, retransmission, or alteration of communications to mislead an adversary’s interpretation of the communications. See imitative communications deception and manipulative communications deception.

communications profile
Analytic model of communications associated with an organization or activity. The model is prepared from a systematic examination of communications content and patterns, the functions they reflect, and the communications security measures applied.

communications security (COMSEC)
Measures and controls taken to deny unauthorized persons information derived from telecommunications and to ensure the authenticity of such telecommunications. Communications security includes cryptosecurity, transmission security, emission security, and physical security of COMSEC material.

compartmentalization
A nonhierarchical grouping of sensitive information used to control access to data more finely than with hierarchical security classification alone.

compartmented mode
INFOSEC mode of operation wherein each user with direct or indirect access to a system, its peripherals, remote terminals, or remote hosts has all of the following: (a) valid security clearance for the most restricted information processed in the system; (b) formal access approval and signed nondisclosure agreements for that information which a user is to have access; and (c) valid need-to-know for information which a user is to have access.

compromise
Type of incident where information is disclosed to unauthorized persons or a violation of the security policy of a system in which unauthorized intentional or unintentional disclosure, modification, destruction, or loss of an object may have occurred.

compromising emanations
Unintentional signals that, if intercepted and analyzed, would disclose the information transmitted, received, handled, or otherwise processed by information systems equipment. See TEMPEST.

computer abuse
Intentional or reckless misuse, alteration, disruption, or destruction of information processing resources.

computer cryptography
Use of a crypto-algorithm program by a computer to authenticate or encrypt/decrypt information.

computer security
Measures and controls that ensure confidentiality, integrity, and availability of IS assets including hardware, software, firmware, and information being processed, stored, and communicated.

computer security incident
See incident.

computer security subsystem
Hardware/software designed to provide computer security features in a larger system environment.

COMSEC account
Administrative entity, identified by an account number, used to maintain accountability, custody, and control of COMSEC material.

COMSEC account audit
Examination of the holdings, records, and procedures of a COMSEC account ensuring all accountable COMSEC material is properly handled and safeguarded.

COMSEC aid
COMSEC material that assists in securing telecommunications and is required in the production, operation, or maintenance of COMSEC systems and their components. COMSEC keying material, callsign/frequency systems, and supporting documentation, such as operating and maintenance manuals, are examples of COMSEC aids.

COMSEC boundary
Definable perimeter encompassing all hardware, firmware, and software components performing critical COMSEC functions, such as key generation and key handling and storage.

COMSEC chip set
Collection of NSA approved microchips.

COMSEC control program
Computer instructions or routines controlling or affecting the externally performed functions of key generation, key distribution, message encryption/decryption, or authentication.

COMSEC custodian
Person designated by proper authority to be responsible for the receipt, transfer, accounting, safeguarding, and destruction of COMSEC material assigned to a COMSEC account.

COMSEC end-item
Equipment or combination of components ready for use in a COMSEC application.

COMSEC equipment
Equipment designed to provide security to telecommunications by converting information to a form unintelligible to an unauthorized interceptor and, subsequently, by reconverting such information to its original form for authorized recipients; also, equipment designed specifically to aid in, or as an essential element of, the conversion process. COMSEC equipment includes crypto-equipment, crypto-ancillary equipment, cryptoproduction equipment, and authentication equipment.

COMSEC facility
Space used for generating, storing, repairing, or using COMSEC material.

COMSEC incident
See incident.

COMSEC insecurity
COMSEC incident that has been investigated, evaluated, and determined to jeopardize the security of COMSEC material or the secure transmission of information.

COMSEC manager
Person who manages the COMSEC resources of an organization.

COMSEC material
Item designed to secure or authenticate telecommunications. COMSEC material includes, but is not limited to key, equipment, devices, documents, firmware, or software that embodies or describes cryptographic logic and other items that perform COMSEC functions.

COMSEC Material Control System (CMCS)
Logistics and accounting system through which COMSEC material marked "CRYPTO" is distributed, controlled, and safeguarded. Included are the COMSEC central offices of record, cryptologistic depots, and COMSEC accounts. COMSEC material other than key may be handled through the CMCS.

COMSEC modification
See information systems security equipment modification.

COMSEC module
Removable component that performs COMSEC functions in a telecommunications equipment or system.

COMSEC monitoring
Act of listening to, copying, or recording transmissions of one’s own official telecommunications to analyze the degree of security.

COMSEC profile
Statement of COMSEC measures and materials used to protect a given operation, system, or organization.

COMSEC survey
Organized collection of COMSEC and communications information relative to a given operation, system, or organization.

COMSEC system data
Information required by a COMSEC equipment or system to enable it to properly handle and control key.

COMSEC training
Teaching of skills relating to COMSEC accounting, use of COMSEC aids, or installation, use, maintenance, and repair of COMSEC equipment.

concept of operations (CONOP)
Document detailing the method, act, process, or effect of using an IS.

confidentiality
Assurance that information is not disclosed to unauthorized persons, processes, or devices.

configuration control
Process of controlling modifications to hardware, firmware, software, and documentation to ensure the IS is protected against improper modifications prior to, during, and after system implementation.

configuration management
Management of security features and assurances through control of changes made to hardware, software, firmware, documentation, test, test fixtures, and test documentation throughout the life cycle of an IS.

confinement channel
See covert channel.

confinement property
Synonymous with star (*) property.

contamination
Type of incident involving the introduction of data of one security classification or security category into data of a lower security classification or different security category.

contingency key
Key held for use under specific operational conditions or in support of specific contingency plans.

contingency plan
Plan maintained for emergency response, backup operations, and post-disaster recovery for an IS, to ensure the availability of critical resources and to facilitate the continuity of operations in an emergency situation.

controlled access protection
The C2 level of protection described in the Trusted Computer System Evaluation Criteria (Orange Book). Its major characteristics are: individual accountability, audit, access control, and object reuse.

controlled cryptographic item (CCI)
Secure telecommunications or information handling equipment, or associated cryptographic component, that is unclassified but governed by a special set of control requirements. Such items are marked "CONTROLLED CRYPTOGRAPHIC ITEM" or, where space is limited, "CCI."

controlled security mode
See multilevel security.

controlled sharing
Condition existing when access control is applied to all users and components of an IS.

controlled space
Three-dimensional space surrounding IS equipment, within which unauthorized persons are denied unrestricted access and are either escorted by authorized persons or are under continuous physical or electronic surveillance.

controlling authority
Official responsible for directing the operation of a cryptonet and for managing the operational use and control of keying material assigned to the cryptonet.

cooperative key generation
Electronically exchanging functions of locally generated, random components, from which both terminals of a secure circuit construct traffic encryption key or key encryption key for use on that circuit.

cooperative remote rekeying
Synonymous with manual remote rekeying.

correctness proof
A mathematical proof of consistency between a specification and its implementation.

countermeasure
Action, device, procedure, technique, or other measure that reduces the vulnerability of an IS.

covert channel
Unintended and/or unauthorized communications path that can be used to transfer information in a manner that violates an IS security policy. See overt channel and exploitable channel.

covert channel analysis
Determination of the extent to which the security policy model and subsequent lower-level program descriptions may allow unauthorized access to information.

covert storage channel
Covert channel involving the direct or indirect writing to a storage location by one process and the direct or indirect reading of the storage location by another process. Covert storage channels typically involve a finite resource (e.g., sectors on a disk) that is shared by two subjects at different security levels.

covert timing channel
Covert channel in which one process signals information to another process by modulating its own use of system resources (e.g., central processing unit time) in such a way that this manipulation affects the real response time observed by the second process.

credentials
Information, passed from one entity to another, used to establish the sending entity’s access rights.

critical infrastructures
Those physical and cyber-based systems essential to the minimum operations of the economy and government.

cryptanalysis
Operations performed in converting encrypted messages to plain text without initial knowledge of the crypto-algorithm and/or key employed in the encryption.

CRYPTO
Marking or designator identifying COMSEC keying material used to secure or authenticate telecommunications carrying classified or sensitive U.S. Government or U.S. Government-derived information.

crypto-alarm
Circuit or device that detects failures or aberrations in the logic or operation of crypto-equipment. Crypto-alarm may inhibit transmission or may provide a visible and/or audible alarm.

crypto-algorithm
Well-defined procedure or sequence of rules or steps, or a series of mathematical equations used to describe cryptographic processes such as encryption/decryption, key generation, authentication, signatures, etc.

crypto-ancillary equipment  Equipment designed specifically to facilitate
efficient or reliable operation of crypto-equipment,
without performing cryptographic functions itself.

crypto-equipment  Equipment that embodies a cryptographic logic.

cryptographic  Pertaining to, or concerned with, cryptography.

cryptographic component  Hardware or firmware embodiment of the
cryptographic logic. A cryptographic component
may be a modular assembly, a printed wiring
assembly, a microcircuit, or a combination of these
items.

cryptographic equipment room (CER)  Controlled-access room in which cryptosystems are
located.

cryptographic initialization  Function used to set the state of a cryptographic
logic prior to key generation, encryption, or other
operating mode.

cryptographic logic  The embodiment of one (or more)
crypto-algorithm(s) along with alarms, checks, and other
processes essential to effective and secure
performance of the cryptographic process(es).

cryptographic randomization  Function that randomly determines the transmit
state of a cryptographic logic.

cryptography  Art or science concerning the principles, means,
and methods for rendering plain information
unintelligible and for restoring encrypted
information to intelligible form.

crypto-ignition key (CIK)  Device or electronic key used to unlock the secure
mode of crypto-equipment.

cryptology  Field encompassing both cryptography and
cryptanalysis.

cryptonet  Stations holding a common key.

cryptoperiod  Time span during which each key setting remains
in effect.
cryptosecurity  Component of COMSEC resulting from the
provision of technically sound cryptosystems and
their proper use.

cryptosynchronization  Process by which a receiving decrypting
cryptographic logic attains the same internal state
as the transmitting encrypting logic.

cryptosystem  Associated INFOSEC items interacting to provide a
single means of encryption or decryption.

cryptosystem analysis  Process of establishing the exploitability of a
cryptosystem, normally by reviewing transmitted
traffic protected or secured by the system under
study.

cryptosystem evaluation  Process of determining vulnerabilities of a
cryptosystem.

cryptosystem review  Examination of a cryptosystem by the controlling
authority ensuring its adequacy of design and
content, continued need, and proper distribution.

cryptosystem survey  Management technique in which actual holders of
a cryptosystem express opinions on the system’s
suitability and provide usage information for
technical evaluations.

cyclic redundancy check  Error checking mechanism that checks data
integrity by computing a polynomial algorithm
based checksum.


D


dangling threat  Set of properties about the external environment
for which there is no corresponding vulnerability
and therefore no implied risk.

dangling vulnerability  Set of properties about the internal environment
for which there is no corresponding threat and,
therefore, no implied risk.
data aggregation  The compilation of unclassified individual data
systems and data elements resulting in the totality
of the information being classified.

data encryption standard (DES)  Cryptographic algorithm, designed for the
protection of unclassified data and published by
the National Institute of Standards and Technology
(NIST) in Federal Information Processing Standard
(FIPS) Publication 46.

data flow control  Synonymous with information flow control.

data integrity  Condition existing when data is unchanged from
its source and has not been accidentally or
maliciously modified, altered, or destroyed.

data origin authentication  Corroborating the source of data is as claimed.

data security  Protection of data from unauthorized (accidental or
intentional) modification, destruction, or
disclosure.

data transfer device (DTD)  Fill device designed to securely store, transport,
and transfer electronically both COMSEC and
TRANSEC key, designed to be backward
compatible with the previous generation of
COMSEC common fill devices, and programmable
to support modern mission systems.

decertification  Revocation of the certification of an IS item or
equipment for cause.

decipher  Convert enciphered text to plain text by means of a
cryptographic system.

decode  Convert encoded text to plain text by means of a
code.

decrypt  Generic term encompassing decode and decipher.

dedicated mode  IS security mode of operation wherein each user,
with direct or indirect access to the system, its
peripherals, remote terminals, or remote hosts, has
all of the following: a. valid security clearance for
all information within the system; b. formal
access approval and signed nondisclosure
agreements for all the information stored and/or
processed (including all compartments,
subcompartments, and/or special access
programs); and c. valid need-to-know for all
information contained within the IS. When in the
dedicated security mode, a system is specifically
and exclusively dedicated to and controlled for the
processing of one particular type or classification of
information, either for full-time operation or for a
specified period of time.

default classification  Temporary classification reflecting the highest
classification being processed in an IS. Default
classification is included in the caution statement
affixed to an object.

degaussing  Procedure that reduces the magnetic flux to virtual
zero by applying a reverse magnetizing field. Also
called demagnetizing.

delegated development program  INFOSEC program in which the Director, NSA,
delegates, on a case by case basis, the development
and/or production of an entire telecommunications
product, including the INFOSEC portion, to a lead
department or agency.

denial of service  Type of incident resulting from any action or series
of actions that prevents any part of an IS from
functioning.

depot maintenance  See full maintenance.

descriptive top-level specification  Top-level specification written in a natural
language (e.g., English), an informal design
notation, or a combination of the two. Descriptive
top-level specification, required for a class B2 and
B3 (as defined in the Orange Book, Department of
Defense Trusted Computer System Evaluation
Criteria, DoD 5200.28-STD) information system,
completely and accurately describes a trusted
computing base. See formal top-level specification.

design controlled spare part (DCSP) (C.F.D.)  Part or subassembly for a COMSEC equipment or
device with an NSA controlled design.

design documentation  Set of documents, required for Trusted Computer
System Evaluation Criteria (TCSEC) classes C1
and above (as defined in the Orange Book,
Department of Defense Trusted Computer System
Evaluation Criteria, DoD 5200.28-STD), whose
primary purpose is to define and describe the
properties of a system. As it relates to TCSEC,
design documentation provides an explanation of
how the security policy of a system is translated
into a technical solution via the Trusted
Computing Base (TCB) hardware, software, and
firmware.

designated approving authority (DAA)  Official with the authority to formally assume
responsibility for operating a system at an
acceptable level of risk. This term is synonymous
with designated accrediting authority and
delegated accrediting authority.

dial back  Synonymous with call back.

digital signature  Cryptographic process used to assure message
originator authenticity, integrity, and
nonrepudiation.

digital signature algorithm  Procedure that appends data to, or performs a
cryptographic transformation of, a data unit. The
appended data or cryptographic transformation
allows reception of the data unit and protects
against forgery, e.g., by the recipient.

direct shipment  Shipment of COMSEC material directly from NSA
to user COMSEC accounts.

Means  of  restricting  access  to  objects  based  on  the 
identity  and  need-to-know  of  users  and/or  groups 
to  which  the  object  belongs.  Controls  are 
discretionary  in  the  sense  that  a  subject  with  a 
certain  access  permission  is  capable  of  passing 
that  permission  (directly  or  indirectly)  to  any  other 
subject.  See  mandatory  access  control. 

distinguished name  Globally unique identifier representing an
individual’s identity.

DoD Trusted Computer System Evaluation Criteria (TCSEC)  Document containing basic requirements and
evaluation classes for assessing degrees of
effectiveness of hardware and software security
controls built into an IS. This document, DoD
5200.28 STD, is frequently referred to as the
Orange Book.

domain  Unique context (e.g., access control parameters) in
which a program is operating; in effect, the set of
objects a subject has the privilege to access.

dominate  Term used to compare IS security levels. Security
level S1 is said to dominate security level S2, if the
hierarchical classification of S1 is greater than, or
equal to, that of S2 and the non-hierarchical
categories of S1 include all those of S2 as a subset.

drop accountability  Procedure under which a COMSEC account
custodian initially receipts for COMSEC material,
and then provides no further accounting for it to
its central office of record. Local accountability of
the COMSEC material may continue to be
required. See accounting legend code.


E


electronically generated key  Key generated in a COMSEC device by introducing
(either mechanically or electronically) a seed key
into the device and then using the seed, together
with a software algorithm stored in the device, to
produce the desired key.

Electronic Key Management System (EKMS)  Interoperable collection of systems being developed
by services and agencies of the U.S. Government to
automate the planning, ordering, generating,
distributing, storing, filling, using, and destroying
of electronic key and management of other types of
COMSEC material.

electronic messaging services  Services providing interpersonal messaging
capability; meeting specific functional,
management, and technical requirements; and
yielding a business-quality electronic mail service
suitable for the conduct of official government
business.
electronic security (ELSEC)  Protection resulting from measures designed to
deny unauthorized persons information derived
from the interception and analysis of
noncommunications electromagnetic radiations.

element  Removable item of COMSEC equipment, assembly,
or subassembly; normally consisting of a single
piece or group of replaceable parts.

embedded computer  Computer system that is an integral part of a
larger system.

embedded cryptography  Cryptography engineered into an equipment or
system whose basic function is not cryptographic.

embedded cryptographic system  Cryptosystem performing or controlling a function
as an integral element of a larger system or
subsystem.

emissions security (EMSEC)  Protection resulting from measures taken to deny
unauthorized persons information derived from
intercept and analysis of compromising
emanations from crypto-equipment or an IS.

encipher  Convert plain text to cipher text by means of a
cryptographic system.

encode  Convert plain text to cipher text by means of a
code.

Generic term encompassing encipher and encode.

encryption algorithm  Set of mathematically expressed rules for rendering
data unintelligible by executing a series of
conversions controlled by a key.

end-item accounting  Accounting for all the accountable components of a
COMSEC equipment configuration by a single
short title.

end-to-end encryption  Encryption of information at its origin and
decryption at its intended destination without
intermediate decryption.

end-to-end security  Safeguarding information in an IS from point of
origin to point of destination.
endorsed for unclassified cryptographic item (EUCI)  Unclassified cryptographic equipment that
embodies a U.S. Government classified
cryptographic logic and is endorsed by NSA for the
protection of national security information. See
type 2 product.

endorsement  NSA approval of a commercially developed product
for safeguarding national security information.

entrapment  Deliberate planting of apparent flaws in an IS for
the purpose of detecting attempted penetrations.

environment  Aggregate of external procedures, conditions, and
objects affecting the development, operation, and
maintenance of an IS.

erasure  Process intended to render magnetically stored
information irretrievable by normal means.

Evaluated Products List (EPL)  Equipment, hardware, software, and/or firmware
evaluated by the National Computer Security
Center (NCSC) in accordance with DoD TCSEC
and found to be technically compliant at a
particular level of trust. The EPL is included in the
NSA Information Systems Security Products and
Services Catalogue.

event  Occurrence, not yet assessed, that may affect the
performance of an IS.

executive state  One of several states in which an IS may operate,
and the only one in which certain privileged
instructions may be executed. Such privileged
instructions cannot be executed when the system
is operating in other states. Synonymous with
supervisor state.

exercise key  Key used exclusively to safeguard communications
transmitted over-the-air during military or
organized civil training exercises.

exploitable channel  Channel that allows the violation of the security
policy governing an IS and is usable or detectable
by subjects external to the trusted computing
base. See covert channel.
extraction resistance  Capability of crypto-equipment or secure
telecommunications equipment to resist efforts to
extract key.


F


fail safe  Automatic protection of programs and/or
processing systems when hardware or software
failure is detected.

fail soft  Selective termination of affected nonessential
processing when hardware or software failure is
determined to be imminent.

failure access  Type of incident in which unauthorized access to
data results from hardware or software failure.

failure control  Methodology used to detect imminent hardware or
software failure and provide fail safe or fail soft
recovery.

fetch protection  IS hardware provided restriction to prevent a
program from accessing data in another user’s
segment of storage.

file protection  Aggregate of processes and procedures designed to
inhibit unauthorized access, contamination,
elimination, modification, or destruction of a file or
any of its contents.

file security  Means by which access to computer files is limited
to authorized users only.

fill device  COMSEC item used to transfer or store key in
electronic form or to insert key into a
crypto-equipment.

FIREFLY  Key management protocol based on public key
cryptography.

firewall  System designed to defend against unauthorized
access to or from a private network.

firmware  Program recorded in permanent or semipermanent
computer memory.
fixed COMSEC facility  COMSEC facility located in an immobile structure
or aboard a ship.

flaw  Error of commission, omission, or oversight in an
IS that may allow protection mechanisms to be
bypassed.

flaw hypothesis methodology  System analysis and penetration technique in
which the specification and documentation for an
IS are analyzed to produce a list of hypothetical
flaws. This list is prioritized on the basis of the
estimated probability that a flaw exists, on the ease
of exploiting it, and on the extent of control or
compromise it would provide. The prioritized list is
used to perform penetration testing of a system.

flooding  Type of incident involving insertion of a large
volume of data resulting in denial of service.

formal access approval  Documented approval by a data owner allowing
access to a particular category of information.

formal development methodology  Software development strategy that proves security
design specifications.

formal proof  Complete and convincing mathematical argument
presenting the full logical justification for each
proof step and for the truth of a theorem or set of
theorems.

formal security policy model  Mathematically precise statement of a security
policy. Such a model must define a secure state,
an initial state, and how the model represents
changes in state. The model must be shown to be
secure by proving the initial state is secure and all
possible subsequent states remain secure.

formal top-level specification  Top-level specification written in a formal
mathematical language to allow theorems, showing
the correspondence of the system specification to
its formal requirements, to be hypothesized and
formally proven.

formal verification  Process of using formal proofs to demonstrate the
consistency between formal specification of a
system and formal security policy model (design
verification) or between formal specification and its
high-level program implementation
(implementation verification).

frequency hopping  Repeated switching of frequencies during radio
transmission according to a specified algorithm, to
minimize unauthorized interception or jamming of
telecommunications.

front-end security filter  Security filter logically separated from the
remainder of an IS to protect system integrity.
Synonymous with firewall.

full maintenance  Complete diagnostic repair, modification, and
overhaul of INFOSEC equipment, including repair
of defective assemblies by piece part replacement.
Also known as depot maintenance. See limited
maintenance.

functional proponent  See network sponsor.

functional testing  Segment of security testing in which advertised
security mechanisms of an IS are tested under
operational conditions.


G


gateway  Interface providing a compatibility between
networks by converting transmission speeds,
protocols, codes, or security measures.

granularity  Relative fineness to which an access control
mechanism can be adjusted.

guard  Process limiting the exchange of information
between systems.

Gypsy verification environment  Integrated set of software tools for specifying,
coding, and verifying programs written in the
Gypsy language.
H


hacker  Unauthorized user who attempts to or gains access
to an IS.

handshaking procedures  Dialogue between two IS’s for synchronizing,
identifying, and authenticating themselves to one
another.

hard copy key  Physical keying material, such as printed key lists,
punched or printed key tapes, or programmable,
read-only memories (PROM).

hardwired key  Permanently installed key.

hash total  Value computed on data to detect error or
manipulation. See checksum.

hashing  Computation of a hash total.

hashword  Memory address containing hash total.


I


identification  Process an IS uses to recognize an entity.

identity token  Smart card, metal key, or other physical object
used to authenticate identity.

identity validation  Tests enabling an IS to authenticate users or
resources.

imitative communications deception  Introduction of deceptive messages or signals into
an adversary's telecommunications signals. See
communications deception and manipulative
communications deception.

impersonating  Form of spoofing.

implant  Electronic device or electronic equipment
modification designed to gain unauthorized
interception of information-bearing emanations.
inadvertent disclosure  Type of incident involving accidental exposure of
information to a person not authorized access.

incident  (IS) Assessed occurrence having actual or
potentially adverse effects on an IS.
(COMSEC) Occurrence that potentially jeopardizes
the security of COMSEC material or the secure
electrical transmission of national security
information or information governed by 10 U.S.C.
Section 2315.

incomplete parameter checking  System flaw that exists when the operating system
does not check all parameters fully for accuracy
and consistency, thus making the system
vulnerable to penetration.

indicator  A recognized action, specific, generalized, or
theoretical, that an adversary might be expected to
take in preparation for an attack.

individual accountability  Ability to associate positively the identity of a user
with the time, method, and degree of access to an
IS.

information assurance (IA)  Information operations (IO) that protect and defend
information and information systems by ensuring
their availability, integrity, authentication,
confidentiality, and nonrepudiation. This includes
providing for restoration of information systems by
incorporating protection, detection, and reaction
capabilities.

information environment  Aggregate of individuals, organizations, or systems
that collect, process, or disseminate information,
also included is the information itself.

information flow control  Procedure to ensure that information transfers
within an IS are not made from a higher security
level object to an object of a lower security level.

information operations (IO)  Actions taken to affect adversary information and
ISs while defending one’s own information and ISs.

information system (IS)  The entire infrastructure, organization, personnel,
and components for the collection, processing,
storage, transmission, display, dissemination, and
disposition of information.

information systems security (INFOSEC and/or ISS)  Protection of information systems against
unauthorized access to or modification of
information, whether in storage, processing or
transit, and against the denial of service to
authorized users, including those measures
necessary to detect, document, and counter such
threats.

information systems security engineering (ISSE)  Effort to achieve and maintain optimal security
and survivability of a system throughout its life
cycle.

information systems security equipment modification  Modification of any fielded hardware, firmware,
software, or portion thereof, under NSA
configuration control. There are three classes of
modifications: mandatory (to include human
safety); optional/special mission modifications;
and repair actions. These classes apply to
elements, subassemblies, equipment, systems, and
software packages performing functions such as
key generation, key distribution, message
encryption, decryption, authentication, or those
mechanisms necessary to satisfy security policy,
labeling, identification, or accountability.

information systems security manager (ISSM)  Principal advisor on computer security matters.

information systems security officer (ISSO)  Person responsible to the designated approving
authority for ensuring the security of an
information system throughout its life cycle, from
design through disposal. Synonymous with system
security officer.

information systems security product  Item (chip, module, assembly, or equipment),
technique, or service that performs or relates to
information systems security.

initialize  Setting the state of a cryptographic logic prior to
key generation, encryption, or other operating
mode.
inspectable space  Three dimensional space surrounding equipment
that process classified and/or sensitive information
within which TEMPEST exploitation is not
considered practical or where legal authority to
identify and/or remove a potential TEMPEST
exploitation exists. Synonymous with zone of
control.

integrity  Quality of an IS reflecting the logical correctness
and reliability of the operating system; the logical
completeness of the hardware and software
implementing the protection mechanisms; and the
consistency of the data structures and occurrence
of the stored data. Note that, in a formal security
mode, integrity is interpreted more narrowly to
mean protection against unauthorized modification
or destruction of information.

integrity check value  Checksum capable of detecting modification of an
IS.

interface  Common boundary between independent systems
or modules where interactions take place.

interface control document  Technical document describing interface controls
and identifying the authorities and responsibilities
for ensuring the operation of such controls. This
document is baselined during the preliminary
design review and is maintained throughout the IS
lifecycle.

interim approval  Temporary authorization granted by a DAA for an
IS to process information based on preliminary
results of a security evaluation of the system.

internal security controls  Hardware, firmware, or software features within an
IS that restrict access to resources only to
authorized subjects.

internetwork private line interface  Network cryptographic unit that provides secure
connections, singularly or in simultaneous
multiple connections, between a host and a
predetermined set of corresponding hosts.

internet protocol (IP)  Standard protocol for transmission of data from
source to destinations in packet-switched
communications networks and interconnected
systems of such networks.

intrusion  Unauthorized act of bypassing the security
mechanisms of a system.


K


key  Usually a sequence of random or pseudorandom
bits used initially to set up and periodically
change the operations performed in
crypto-equipment for the purpose of encrypting or
decrypting electronic signals, or for determining
electronic counter-countermeasures patterns, or
for producing other key.

key-auto-key (KAK)  Cryptographic logic using previous key to produce
key.

key card (C.F.D.)  Paper card, containing a pattern of punched holes,
that establishes key for a specific cryptonet at a
specific time.

key distribution center (KDC)  COMSEC facility generating and distributing key in
electrical form.

key-encryption-key (KEK)  Key that encrypts or decrypts other key for
transmission or storage.

key list  Printed series of key settings for a specific
cryptonet. Key lists may be produced in list, pad,
or printed tape format.

key management  Supervision and control of the process whereby key
is generated, stored, protected, transferred, loaded,
used, and destroyed.

key pair  Public key and its corresponding private key as
used in public key cryptography.

key production key (KPK)  Key used to initialize a keystream generator for the
production of other electronically generated key.
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key  recovery 

key  stream 

key  tag 

key  tape 

key  updating 

keying  material 

L 

label 

labeled  security  protections 

laboratory  attack 

least  privilege 

level  of  protection 


UNCLASSIFIED 

Mechanisms  and  processes  that  allow  authorized 
parties  to  retrieve  the  cryptographic  key  used  for 
data  confidentiality. 

Sequence  of  symbols  (or  their  electrical  or 
mechanical  equivalents)  produced  in  a  machine  or 
auto-manual  cryptosystem  to  combine  with  plain 
text  to  produce  cipher  text,  control  transmission 
security  processes,  or  produce  key. 

Identification  information  associated  with  certain 
types  of  electronic  key. 

Punched  or  magnetic  tape  containing  key.  Printed 
key  in  tape  form  is  referred  to  as  a  key  list. 

Irreversible  cryptographic  process  for  modifying 
key. 

Key,  code,  or  authentication  information  in 
physical  or  magnetic  form. 


See  security  label. 

Elementary-level  mandatory  access  control 
protection  features  and  intermediate-level 
discretionary  access  control  features  in  a  TCB  that 
uses  sensitivity  labels  to  make  access  control 
decisions. 

Use  of  sophisticated  signal  recovery  equipment  in  a 
laboratory  environment  to  recover  information  from 
data  storage  media. 

Principle  requiring  that  each  subject  be  granted 
the  most  restrictive  set  of  privileges  needed  for  the 
performance  of  authorized  tasks.  Application  of 
this  principle  limits  the  damage  that  can  result 
from  accident,  error,  or  unauthorized  use  of  an  IS. 

Extent  to  which  protective  measures,  techniques, 
and  procedures  must  be  applied  to  ISs  and 
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limited  maintenance 


line  conditioning 


line  conduction 


link  encryption 


list-oriented 


local  authority 


Local  Management  Device/ 
Key  Processor  (LMD /KP) 


networks  based  on  risk,  threat,  vulnerability, 
system  interconnectivity  considerations,  and 
information  assurance  needs.  Levels  of  protection 
are:  1.  Basic:  IS  and  networks  requiring 
implementation  of  standard  minimum  security 
countermeasures.  2.  Medium:  IS  and  networks 
requiring  layering  of  additional  safeguards  above 
the  standard  minimum  security  countermeasures. 
3.  High:  IS  and  networks  requiring  the  most 
stringent  protection  and  rigorous  security 
countermeasures. 

COMSEC  maintenance  restricted  to  fault  isolation, 
removal,  and  replacement  of  plug-in  assemblies. 
Soldering  or  unsoldering  usually  is  prohibited  in 
limited  maintenance.  See  full  maintenance. 

Elimination  of  unintentional  signals  or  noise 
induced  or  conducted  on  a  telecommunications  or 
IS  signal,  power,  control,  indicator,  or  other 
external  interface  line. 

Unintentional  signals  or  noise  induced  or 
conducted  on  a  telecommunications  or  IS  signal, 
power,  control,  indicator,  or  other  external 
interface  line. 

Encryption  of  information  between  nodes  of  a 
communications  system. 

IS  protection  in  which  each  protected  object  has  a 
list  of  all  subjects  authorized  to  access  it.  See  also 
ticket-oriented. 

Organization  responsible  for  generating  and 
signing  user  certificates. 

An  EKMS  platform  providing  automated 
management  of  COMSEC  material  and  generating 
key  for  designated  users. 


lock and key protection system
Protection system that involves matching a key or password with a specific access requirement.

logic bomb
Resident computer program triggering an unauthorized act when particular states of an IS are realized.

logical completeness measure
Means for assessing the effectiveness and degree to which a set of security and access control mechanisms meets security specifications.

long title
Descriptive title of a COMSEC item.

low probability of detection
Result of measures used to hide or disguise intentional electromagnetic transmissions.

low probability of intercept
Result of measures to prevent the intercept of intentional electromagnetic transmissions.


M

magnetic remanence
Magnetic representation of residual information remaining on a magnetic medium after the medium has been cleared. See clearing.

maintenance hook
Special instructions (trapdoors) in software allowing easy maintenance and additional feature development. Since maintenance hooks frequently allow entry into the code without the usual checks, they are a serious security risk if they are not removed prior to live implementation.

maintenance key
Key intended only for in-shop use.

malicious applets
Small application programs automatically downloaded and executed that perform an unauthorized function on an IS.

malicious code
Software or firmware capable of performing an unauthorized process on an IS.

malicious logic
Hardware, software, or firmware capable of performing an unauthorized function on an IS.


mandatory access control (MAC)
Means of restricting access to objects based on the sensitivity of the information contained in the objects and the formal authorization (i.e., clearance, formal access approvals, and need-to-know) of subjects to access information of such sensitivity. See discretionary access control.

mandatory modification
Change to a COMSEC end-item that NSA requires to be completed and reported by a specified date. See optional modification.

manipulative communications deception
Alteration or simulation of friendly telecommunications for the purpose of deception. See communications deception and imitative communications deception.

manual cryptosystem
Cryptosystem in which the cryptographic processes are performed without the use of crypto-equipment or auto-manual devices.

manual remote rekeying
Procedure by which a distant crypto-equipment is rekeyed electrically, with specific actions required by the receiving terminal operator.

masquerading
Form of spoofing.

master crypto-ignition key
A key device with electronic logic and circuits providing the capability for adding more operational CIKs to a keyset (maximum of seven) any time after fill procedure is completed. The master CIK can only be made during the fill procedure as the first CIK.

material symbol (MATSYM) (C.F.D.)
Communications circuit identifier used for key card resupply purposes.

memory scavenging
The collection of residual information from data storage.

message authentication code
Data associated with an authenticated message allowing a receiver to verify the integrity of the message.

message externals
Information outside of the message text, such as the header, trailer, etc.

message indicator
Sequence of bits transmitted over a communications system for synchronizing crypto-equipment. Some off-line cryptosystems, such as the KL-51 and one-time pad systems, employ message indicators to establish decryption starting points.

mimicking
Form of spoofing.

mode of operation
Description of the conditions under which an IS operates based on the sensitivity of information processed and the clearance levels, formal access approvals, and need-to-know of its users. Four modes of operation are authorized for processing or transmitting information: dedicated mode, system-high mode, compartmented/partitioned mode, and multilevel mode.

multilevel device
Equipment trusted to properly maintain and separate data of different security categories.

multilevel mode
INFOSEC mode of operation wherein all the following statements are satisfied concerning the users who have direct or indirect access to the system, its peripherals, remote terminals, or remote hosts: a. some users do not have a valid security clearance for all the information processed in the IS; b. all users have the proper security clearance and appropriate formal access approval for that information to which they have access; and c. all users have a valid need-to-know only for information to which they have access.

multilevel security (MLS)
Concept of processing information with different classifications and categories that simultaneously permits access by users with different security clearances and denies access to users who lack authorization.

mutual suspicion
Condition in which two IS’s need to rely upon each other to perform a service, yet neither trusts the other to properly protect shared data.

N


national security information (NSI)
Information that has been determined, pursuant to Executive Order 12958 or any predecessor order, to require protection against unauthorized disclosure.

national security system
Any telecommunications or information system operated by the United States Government, the function, operation, or use of which: 1. involves intelligence activities; 2. involves cryptologic activities related to national security; 3. involves command and control of military forces; 4. involves equipment that is an integral part of a weapon or weapon system; or 5. is critical to the direct fulfillment of military or intelligence missions and does not include a system that is to be used for routine administrative and business applications (including payroll, finance, logistics, and personnel management applications). (Title 40 U.S.C. Section 1452, Information Technology Management Reform Act of 1996.)

need-to-know
The necessity for access to, or knowledge or possession of, specific information required to carry out official duties.

network
IS implemented with a collection of interconnected nodes.

network front-end
Device implementing protocols that allow attachment of a computer system to a network.

network reference monitor
See reference monitor.

network security
See information systems security.

network security architecture
Subset of network architecture specifically addressing security-relevant issues.

network security officer
See information systems security officer.

network sponsor
Individual or organization responsible for stating the security policy enforced by the network, designing the network security architecture to properly enforce that policy, and ensuring the network is implemented in such a way that the policy is enforced.

network system
System implemented with a collection of interconnected components. A network system is based on a coherent security architecture and design.

network trusted computing base (NTCB)
Totality of protection mechanisms within a network, including hardware, firmware, and software, the combination of which is responsible for enforcing a security policy. See trusted computing base.

network trusted computing base (NTCB) partition
Totality of mechanisms within a single network component for enforcing the network policy, as allocated to that component; the part of the NTCB within a single network component.

network weaving
Penetration technique in which different communication networks are linked to access an IS to avoid detection and trace-back.

no-lone zone
Area, room, or space that, when staffed, must be occupied by two or more appropriately cleared individuals who remain within sight of each other. See two-person integrity.

nonrepudiation
Assurance the sender of data is provided with proof of delivery and the recipient is provided with proof of the sender’s identity, so neither can later deny having processed the data.

null
Dummy letter, letter symbol, or code group inserted into an encrypted message to delay or prevent its decryption or to complete encrypted groups for transmission or transmission security purposes.

O

object
Passive entity containing or receiving information. Access to an object implies access to the information it contains.

object reuse
Reassignment and re-use of a storage medium containing one or more objects after ensuring no residual data remains on the storage medium.

off-line cryptosystem
Cryptosystem in which encryption and decryption are performed independently of the transmission and reception functions.

one-part code
Code in which plain text elements and their accompanying code groups are arranged in alphabetical, numerical, or other systematic order, so one listing serves for both encoding and decoding. One-part codes are normally small codes used to pass small volumes of low-sensitivity information.

one-time cryptosystem
Cryptosystem employing key used only once.

one-time pad
Manual one-time cryptosystem produced in pad form.

one-time tape
Punched paper tape used to provide key streams on a one-time basis in certain machine cryptosystems.

on-line cryptosystem
Cryptosystem in which encryption and decryption are performed in association with the transmitting and receiving functions.

open storage
Storage of classified information within an accredited facility, but not in General Services Administration approved secure containers, while the facility is unoccupied by authorized personnel.

operational data security (C.F.D.)
Protection of data from either accidental or unauthorized intentional modification, destruction, or disclosure during input, processing, storage, transmission, or output operations.

operational key
Key intended for use over-the-air for protection of operational information or for the production or secure electrical transmission of key streams.

operational waiver
Authority for continued use of unmodified COMSEC end-items pending the completion of a mandatory modification.

operations code
Code composed largely of words and phrases suitable for general communications use.

operations security (OPSEC)
Process denying information to potential adversaries about capabilities and/or intentions by identifying, controlling, and protecting unclassified generic activities.

optional modification
NSA-approved modification not required for universal implementation by all holders of a COMSEC end-item. This class of modification requires all of the engineering/doctrinal control of mandatory modification but is usually not related to security, safety, TEMPEST, or reliability.

Orange Book (C.F.D.)
The DoD Trusted Computer System Evaluation Criteria (DoD 5200.28-STD).

organizational maintenance
Limited maintenance performed by a user organization.

organizational registration authority (ORA)
Entity within the PKI that authenticates the identity and the organizational affiliation of the users.

over-the-air key distribution
Providing electronic key via over-the-air rekeying, over-the-air key transfer, or cooperative key generation.

over-the-air key transfer
Electronically distributing key without changing traffic encryption key used on the secured communications path over which the transfer is accomplished.

over-the-air rekeying (OTAR)
Changing traffic encryption key or transmission security key in remote crypto-equipment by sending new key directly to the remote crypto-equipment over the communications path it secures.

NSTISSI No. 4009

overt channel
Communications path within a computer system or network designed for the authorized transfer of data. See covert channel.

overwrite procedure
Process of writing patterns of data on top of the data stored on a magnetic medium.

P

parity
Bit(s) used to determine whether a block of data has been altered.

partitioned security mode
IS security mode of operation wherein all personnel have the clearance, but not necessarily formal access approval and need-to-know, for all information handled by an IS.

password
Protected/private alphanumeric string used to authenticate an identity or to authorize access to data.

penetration
See intrusion.

penetration testing
Security testing in which evaluators attempt to circumvent the security features of a system based on their understanding of the system design and implementation.

per-call key
Unique traffic encryption key generated automatically by certain secure telecommunications systems to secure single voice or data transmissions. See cooperative key generation.

periods processing
Processing of various levels of classified and unclassified information at distinctly different times. Under the concept of periods processing, the system must be purged of all information from one processing period before transitioning to the next.

permuter
Device used in crypto-equipment to change the order in which the contents of a shift register are used in various nonlinear combining circuits.

plain text
Unencrypted information.

policy approving authority (PAA)
First level of the PKI Certification Management Authority that approves the security policy of each PCA.

policy certification authority (PCA)
Second level of the PKI Certification Management Authority that formulates the security policy under which it and its subordinate CAs will issue public key certificates.

positive control material
Generic term referring to a sealed authenticator system, permissive action link, coded switch system, positive enable system, or nuclear command and control documents, material, or devices.


preproduction model
Version of INFOSEC equipment employing standard parts and suitable for complete evaluation of form, design, and performance. Preproduction models are often referred to as beta models.

print suppression
Eliminating the display of characters in order to preserve their secrecy.

privacy system
Commercial encryption system that affords telecommunications limited protection to deter a casual listener, but cannot withstand a technically competent cryptanalytic attack.

privileged access
Explicitly authorized access of a specific user, process, or computer to a computer resource(s).

probe
Type of incident involving an attempt to gather information about an IS for the apparent purpose of circumventing its security controls.

production model
INFOSEC equipment in its final mechanical and electrical form.


proprietary information
Material and information relating to or associated with a company’s products, business, or activities, including but not limited to financial information; data or statements; trade secrets; product research and development; existing and future product designs and performance specifications; marketing plans or techniques; schematics; client lists; computer programs; processes; and know-how that have been clearly identified and properly marked by the company as proprietary information, trade secrets, or company confidential information. The information must have been developed by the company and not be available to the Government or to the public without restriction from another source.

protected communications (C.F.D.)
Telecommunications deriving their protection through use of type 2 products or data encryption standard equipment. See type 2 product.

Wire line or fiber optic distribution system used to transmit unencrypted classified national security information through an area of lesser classification or control.

protection philosophy
Informal description of the overall design of an IS delineating each of the protection mechanisms employed. Combination of formal and informal techniques, appropriate to the evaluation class, used to show the mechanisms are adequate to enforce the security policy.

protection ring
One of a hierarchy of privileged modes of an IS that gives certain access rights to user programs and processes that are authorized to operate in a given mode.

protective packaging
Packaging techniques for COMSEC material that discourage penetration, reveal a penetration has occurred or was attempted, or inhibit viewing or copying of keying material prior to the time it is exposed for use.

protective technologies
Special tamper-evident features and materials employed for the purpose of detecting tampering and deterring attempts to compromise, modify, penetrate, extract, or substitute information processing equipment and keying material.

protective technology/package incident (C.F.D.)
Any penetration of INFOSEC protective technology or packaging, such as a crack, cut, or tear.

protocol
Set of rules and formats, semantic and syntactic, permitting IS’s to exchange information.

proxy
Software agent that performs a function or operation on behalf of another application or system while hiding the details involved.

public key certificate
Contains the name of a user, the public key component of the user, and the name of the issuer who vouches that the public key component is bound to the named user.

public cryptography (C.F.D.)
Body of cryptographic and related knowledge, study, techniques, and applications that is, or is intended to be, in the public domain.

public key cryptography (PKC)
Encryption system using a linked pair of keys. What one key encrypts, the other key decrypts.

public key infrastructure (PKI)
Framework established to issue, maintain, and revoke public key certificates accommodating a variety of security technologies, including the use of software.

purging
Rendering stored information unrecoverable. See sanitize.


Q

QUADRANT
Short name referring to technology that provides tamper-resistant protection to crypto-equipment.

R

rainbow series (C.F.D.)
Set of publications that interpret Orange Book requirements for trusted systems.

randomizer
Analog or digital source of unpredictable, unbiased, and usually independent bits. Randomizers can be used for several different functions, including key generation or to provide a starting state for a key generator.

read
Fundamental operation in an IS that results only in the flow of information from an object to a subject.

read access
Permission to read information in an IS.

real time reaction
Immediate response to a penetration attempt that is detected and diagnosed in time to prevent access.

recovery procedures
Actions necessary to restore data files of an IS and computational capability after a system failure.

RED
Designation applied to an IS, and associated areas, circuits, components, and equipment in which unencrypted national security information is being processed.

RED/BLACK concept
Separation of electrical and electronic circuits, components, equipment, and systems that handle national security information (RED), in electrical form, from those that handle non-national security information (BLACK) in the same form.

Red team
Independent and focused threat-based effort by an interdisciplinary, simulated adversary to expose and exploit vulnerabilities as a means to improve the security posture of ISs.

RED signal
Any electronic emission (e.g., plain text, key, key stream, subkey stream, initial fill, or control signal) that would divulge national security information if recovered.

reference monitor
Access control concept referring to an abstract machine that mediates all accesses to objects by subjects.


reference validation mechanism
Portion of a trusted computing base whose normal function is to control access between subjects and objects and whose correct operation is essential to the protection of data in the system.

release prefix
Prefix appended to the short title of U.S.-produced keying material to indicate its foreign releasability. "A" designates material that is releasable to specific allied nations and "U.S." designates material intended exclusively for U.S. use.

remanence
Residual information remaining on storage media after clearing. See magnetic remanence and clearing.

remote rekeying
Procedure by which a distant crypto-equipment is rekeyed electrically. See automatic remote rekeying and manual remote rekeying.

repair action
NSA-approved change to a COMSEC end-item that does not affect the original characteristics of the end-item and is provided for optional application by holders. Repair actions are limited to minor electrical and/or mechanical improvements to enhance operation, maintenance, or reliability. They do not require an identification label, marking, or control but must be fully documented by changes to the maintenance manual.

reserve keying material
Key held to satisfy unplanned needs. See contingency key.

residual risk
Portion of risk remaining after security measures have been applied.

residue
Data left in storage after information processing operations are complete, but before degaussing or overwriting has taken place.

resource encapsulation
Method by which the reference monitor mediates accesses to an IS resource. Resource is protected and not directly accessible by a subject. Satisfies requirement for accurate auditing of resource usage.

risk
Possibility that a particular threat will adversely impact an IS by exploiting a particular vulnerability.

risk analysis
Examination of information to identify the risk to an IS.

risk assessment
Formal description and evaluation of risk to an IS.

risk index
Difference between the minimum clearance or authorization of IS users and the maximum sensitivity (e.g., classification and categories) of data processed by the system.

risk management
Process of identifying and applying countermeasures commensurate with the value of the assets protected based on a risk assessment.

S

safeguarding statement
Statement affixed to a computer output or printout that states the highest classification being processed at the time the product was produced and requires control of the product, at that level, until determination of the true classification by an authorized person. Synonymous with banner.

sanitize
Process to remove information from media such that data recovery is not possible. It includes removing all classified labels, markings, and activity logs. See purging.

scavenging
Searching through object residue to acquire data.

scratch pad store (SPS) (C.F.D.)
Temporary key storage in crypto-equipment.

secure communications
Telecommunications deriving security through use of type 1 products and/or PDSs.

secure hash standard
Specification for a secure hash algorithm that can generate a condensed message representation called a message digest.

secure operating system (C.F.D.)
Resident software controlling hardware and other software functions in an IS to provide a level of protection or security appropriate to the classification, sensitivity, and/or criticality of the data and resources it manages.

secure state
Condition in which no subject can access any object in an unauthorized manner.

secure subsystem
Subsystem containing its own implementation of the reference monitor concept for those resources it controls. Secure subsystem must depend on other controls and the base operating system for the control of subjects and the more primitive system objects.

security fault analysis (SFA)
Assessment, usually performed on IS hardware, to determine the security properties of a device when hardware fault is encountered.

security features users guide (SFUG)
Guide or manual explaining how the security mechanisms in a specific system work.

security filter
IS trusted subsystem that enforces security policy on the data passing through it.

security flaw (C.F.D.)
Error of commission or omission in an IS that may allow protection mechanisms to be bypassed. See vulnerability.

security inspection
Examination of an IS to determine compliance with security policy, procedures, and practices.

security kernel
Hardware, firmware, and software elements of a trusted computing base implementing the reference monitor concept. Security kernel must mediate all accesses, be protected from modification, and be verifiable as correct.

security label
Information representing the sensitivity of a subject or object, such as its hierarchical classification (CONFIDENTIAL, SECRET, TOP SECRET) together with any applicable nonhierarchical security categories (e.g., sensitive compartmented information, critical nuclear weapon design information).

security net control station
Management system overseeing and controlling implementation of network security policy.

security perimeter
All components/devices of an IS to be accredited. Separately accredited components generally are not included within the perimeter.

security policy  See information systems security policy.

security range  Highest and lowest security levels that are permitted in or
on an IS, system component, subsystem, or network.

security requirements  Types and levels of protection necessary for
equipment, data, information, applications, and facilities to meet IS
security policy.

security requirements baseline  Description of the minimum requirements
necessary for an IS to maintain an acceptable level of security.

security safeguards  Protective measures and controls prescribed to meet
the security requirements specified for an IS. Safeguards may include
security features, management constraints, personnel security, and security
of physical structures, areas, and devices. See accreditation.

security specification  Detailed description of the safeguards required to
protect an IS.

security test and evaluation (ST&E)  Examination and analysis of the
safeguards required to protect an IS, as they have been applied in an
operational environment, to determine the security posture of that system.

security testing  Process to determine that an IS protects data and
maintains functionality as intended.

seed key  Initial key used to start an updating or key generation process.

sensitive information  Information, the loss, misuse, or unauthorized
access to or modification of, which could adversely affect the national
interest or the conduct of federal programs, or the privacy to which
individuals are entitled under 5 U.S.C. Section 552a (the Privacy Act), but
that has not been specifically authorized under criteria established by an
Executive Order or an Act of Congress to be kept classified in the interest
of national defense or foreign policy. (Systems that are not national
security systems, but contain sensitive information, are to be protected in
accordance with the requirements of the Computer Security Act of 1987
(P.L. 100-235).)

sensitivity label  Information representing elements of the security
label(s) of a subject and an object. Sensitivity labels are used by the
trusted computing base (TCB) as the basis for mandatory access control
decisions.

shielded enclosure  Room or container designed to attenuate electromagnetic
radiation.

short title  Identifying combination of letters and numbers assigned to
certain COMSEC materials to facilitate handling, accounting, and
controlling.

simple security property  Bell-La Padula security model rule allowing a
subject read access to an object, only if the security level of the subject
dominates the security level of the object.

single-level device (C.F.D.)  IS device not trusted to properly maintain
and separate data to different security levels.

single point keying  Means of distributing key to multiple, local
crypto-equipment or devices from a single fill point.

sniffer  Software tool for auditing and identifying network traffic
packets.

software system test and evaluation process  Process that plans, develops,
and documents the quantitative demonstration of the fulfillment of all
baseline functional performance, operational, and interface requirements.

special mission modification (C.F.D.)  Mandatory or optional modification
that applies only to a specific mission, purpose, operational, or
environmental need.

speech privacy (C.F.D.)  Techniques using fixed sequence permutations or
voice/speech inversion to render speech unintelligible to the casual
listener.

split knowledge  Separation of data or information into two or more parts,
each part constantly kept under control of separate authorized individuals
or teams so that no one individual or team will know the whole data.

spoofing  Unauthorized use of legitimate Identification and Authentication
(I&A) data, however it was obtained, to mimic a subject different from the
attacker. Impersonating, masquerading, piggybacking, and mimicking are
forms of spoofing.

spread spectrum  Telecommunications techniques in which a signal is
transmitted in a bandwidth considerably greater than the frequency content
of the original information. Frequency hopping, direct sequence spreading,
time scrambling, and combinations of these techniques are forms of spread
spectrum.

star (*) property  Bell-La Padula security model rule allowing a subject
write access to an object only if the security level of the object
dominates the security level of the subject.

start-up KEK  Key-encryption-key held in common by a group of potential
communicating entities and used to establish ad hoc tactical networks.

state variable  Variable representing either the state of an IS or the
state of some system resource.

storage object  An object supporting both read and write accesses to an IS.

subassembly  Major subdivision of an assembly consisting of a package of
parts, elements, and circuits that perform a specific function.

subject  Generally a person, process, or device causing information to flow
among objects or change to the system state.

subject security level  Sensitivity label(s) of the objects to which the
subject has both read and write access. Security level of a subject must
always be dominated by the clearance level of the user associated with the
subject.

sub-registration authority (SRA) (C.F.D.)  Individual with primary
responsibility for managing the distinguished name process.


superencryption  Process of encrypting encrypted information. Occurs when a
message, encrypted off-line, is transmitted over a secured, on-line
circuit, or when information encrypted by the originator is multiplexed
onto a communications trunk, which is then bulk encrypted.

supersession  Scheduled or unscheduled replacement of a COMSEC aid with a
different edition.

superuser (C.F.D.)  Special user who can perform control of processes,
devices, networks, and file systems.

supervisor state  Synonymous with executive state of an operating system.

suppression measure  Action, procedure, modification, or device that
reduces the level of, or inhibits the generation of, compromising
emanations in an IS.

surrogate access  See discretionary access control.

syllabary  List of individual letters, combination of letters, or
syllables, with their equivalent code groups, used for spelling out words
or proper names not present in the vocabulary of a code. A syllabary may
also be a spelling table.

symmetric key  Encryption methodology in which the encryptor and decryptor
use the same key, which must be kept secret.

synchronous crypto-operation  Method of on-line crypto-operation in which
crypto-equipment and associated terminals have timing systems to keep them
in step.

system administrator (SA)  Individual responsible for the installation and
maintenance of an IS, providing effective IS utilization, adequate security
parameters, and sound implementation of established INFOSEC policy and
procedures.

system assets  Any software, hardware, data, administrative, physical,
communications, or personnel resource within an IS.

system development methodologies  Methodologies developed through software
engineering to manage the complexity of system development. Development
methodologies include software engineering aids and high-level design
analysis tools.

system high  Highest security level supported by an IS.

system high mode  IS security mode of operation wherein each user, with
direct or indirect access to the IS, its peripherals, remote terminals, or
remote hosts, has all of the following: a. valid security clearance for all
information within an IS; b. formal access approval and signed
nondisclosure agreements for all the information stored and/or processed
(including all compartments, subcompartments and/or special access
programs); and c. valid need-to-know for some of the information contained
within the IS.

system indicator  Symbol or group of symbols in an off-line encrypted
message identifying the specific cryptosystem or key used in the
encryption.

system integrity  Attribute of an IS when it performs its intended function
in an unimpaired manner, free from deliberate or inadvertent unauthorized
manipulation of the system.

system low  Lowest security level supported by an IS.

system profile  Detailed security description of the physical structure,
equipment component, location, relationships, and general operating
environment of an IS.

system security  See information systems security.

system security engineering  See information systems security.

system security evaluation (C.F.D.)  Risk assessment of a system,
considering its vulnerabilities and perceived security threat.

system security management plan (C.F.D.)  Formal document fully describing
the responsibilities for security tasks planned to meet system security
requirements.

system security officer  See information system security officer.

system security plan (C.F.D.)  Formal document fully describing the planned
security tasks required to meet system security requirements.


T

tampering  Unauthorized modification altering the proper functioning of
INFOSEC equipment.

telecommunications  Preparation, transmission, communication, or related
processing of information (writing, images, sounds, or other data) by
electrical, electromagnetic, electromechanical, electro-optical, or
electronic means.

telecommunications and automated information systems security (C.F.D.)
Superseded by information systems security.

telecommunications security (TSEC)  See information systems security.

TEMPEST  Short name referring to investigation, study, and control of
compromising emanations from IS equipment.

TEMPEST test  Laboratory or on-site test to determine the nature of
compromising emanations associated with an IS.

TEMPEST zone  Designated area within a facility where equipment with
appropriate TEMPEST characteristics (TEMPEST zone assignment) may be
operated.

test key  Key intended for testing of COMSEC equipment or systems.

threat  Any circumstance or event with the potential to adversely impact an
IS through unauthorized access, destruction, disclosure, modification of
data, and/or denial of service.

threat analysis  Examination of information to identify the elements
comprising a threat.

threat assessment  Formal description and evaluation of threat to an IS.

threat monitoring  Analysis, assessment, and review of audit trails and
other information collected for the purpose of searching out system events
that may constitute violations of system security.

ticket-oriented  IS protection system in which each subject maintains a
list of unforgeable bit patterns called tickets, one for each object a
subject is authorized to access. See list-oriented.

time bomb  Resident computer program that triggers an unauthorized act at a
predefined time.

time-compliance date  Date by which a mandatory modification to a COMSEC
end-item must be incorporated if the item is to remain approved for
operational use.

time-dependent password  Password that is valid only at a certain time of
day or during a specified interval of time.

traditional COMSEC program  Program in which NSA acts as the central
procurement agency for the development and, in some cases, the production
of INFOSEC items. This includes the Authorized Vendor Program.
Modifications to the INFOSEC end-items used in products developed and/or
produced under these programs must be approved by NSA.

traffic analysis (TA)  Study of communications patterns.

traffic encryption key (TEK)  Key used to encrypt plain text or to
superencrypt previously encrypted text and/or to decrypt cipher text.

traffic-flow security (TFS)  Measure used to conceal the presence of valid
messages in an on-line cryptosystem or secure communications system.

traffic padding  Generation of spurious communications or data units to
disguise the amount of real data units being sent.

training key (C.F.D.)  Cryptographic key for training.

tranquility  Property whereby the security level of an object cannot change
while the object is being processed by an IS.

transmission security (TRANSEC)  Component of COMSEC resulting from the
application of measures designed to protect transmissions from interception
and exploitation by means other than cryptanalysis.

trap door  Synonymous with back door.

trojan horse  Program containing hidden code allowing the unauthorized
collection, falsification, or destruction of information. See malicious
code.

trusted computer system  IS employing sufficient hardware and software
assurance measures to allow simultaneous processing of a range of
classified or sensitive information.


trusted computing base (TCB)  Totality of protection mechanisms within a
computer system, including hardware, firmware, and software, the
combination responsible for enforcing a security policy.

trusted distribution  Method for distributing trusted computing base (TCB)
hardware, software, and firmware components that protects the TCB from
modification during distribution.

trusted facility manual  Document containing the operational requirements;
security environment; hardware and software configurations and interfaces;
and all security procedures, measures, and contingency plans.

trusted identification forwarding  Identification method used in IS
networks whereby the sending host can verify an authorized user on its
system is attempting a connection to another host. The sending host
transmits the required user authentication information to the receiving
host.

NSTISSI No. 4009

trusted path  Mechanism by which a person using a terminal can communicate
directly with the trusted computing base (TCB). Trusted path can only be
activated by the person or the TCB and cannot be imitated by untrusted
software.

trusted process  Process that has privileges to circumvent the system
security policy and has been tested and verified to operate only as
intended.

trusted recovery  Ability to ensure recovery without compromise after a
system failure.

trusted software  Software portion of a trusted computing base (TCB).

TSEC nomenclature  System for identifying the type and purpose of certain
items of COMSEC material.

tunneling  Technology enabling one network to send its data via another
network's connections. Tunneling works by encapsulating a network protocol
within packets carried by the second network.

two-part code  Code consisting of an encoding section, in which the
vocabulary items (with their associated code groups) are arranged in
alphabetical or other systematic order, and a decoding section, in which
the code groups (with their associated meanings) are arranged in a separate
alphabetical or numeric order.

two-person control  Continuous surveillance and control of positive control
material at all times by a minimum of two authorized individuals, each
capable of detecting incorrect and unauthorized procedures with respect to
the task being performed, and each familiar with established security and
safety requirements.

two-person integrity (TPI)  System of storage and handling designed to
prohibit individual access to certain COMSEC keying material by requiring
the presence of at least two authorized persons, each capable of detecting
incorrect or unauthorized security procedures with respect to the task
being performed. See no-lone zone.

type 1 product  Classified or controlled cryptographic item endorsed by the
NSA for securing classified and sensitive U.S. Government information, when
appropriately keyed. The term refers only to products, and not to
information, key, services, or controls. Type 1 products contain classified
NSA algorithms. They are available to U.S. Government users, their
contractors, and federally sponsored non-U.S. Government activities subject
to export restrictions in accordance with International Traffic in Arms
Regulation.

type 2 product  Unclassified cryptographic equipment, assembly, or
component, endorsed by the NSA, for use in national security systems as
defined in Title 40 U.S.C. Section 1452.

type 3 algorithm  Cryptographic algorithm registered by the National
Institute of Standards and Technology (NIST) and published as a Federal
Information Processing Standard (FIPS) for use in protecting unclassified
sensitive information or commercial information.

type 4 algorithm  Unclassified cryptographic algorithm that has been
registered by the National Institute of Standards and Technology (NIST),
but not published as a Federal Information Processing Standard (FIPS).


U

unauthorized disclosure  Type of event involving exposure of information to
individuals not authorized to receive it.

unclassified  Information that has not been determined pursuant to E.O.
12958 or any predecessor order to require protection against unauthorized
disclosure and that is not designated as classified.


untrusted process  Process that has not been evaluated or examined for
adherence to the security policy. It may include incorrect or malicious
code that attempts to circumvent the security mechanisms.

updating  Automatic or manual cryptographic process that irreversibly
modifies the state of a COMSEC key, equipment, device, or system.

user  Person or process authorized to access an IS.
(PKI) Individual defined, registered, and bound to a public key structure
by a certification authority (CA).

user ID  Unique symbol or character string used by an IS to identify a
specific user.

User Partnership Program (UPP)  Partnership between the NSA and a U.S.
Government agency to facilitate development of secure IS equipment
incorporating NSA-approved cryptography. The result of this program is the
authorization of the product or system to safeguard national security
information in the user's specific application.

user profile  Patterns of a user's activity that can show changes from
normal behavior.

user representative  Person authorized by an organization to order COMSEC
keying material and interface with the keying system, provide information
to key users, and ensure the correct type of key is ordered.

U.S.-controlled facility  Base or building to which access is physically
controlled by U.S. persons who are authorized U.S. Government or U.S.
Government contractor employees.

U.S.-controlled space  Room or floor within a facility that is not a
U.S.-controlled facility, access to which is physically controlled by U.S.
persons who are authorized U.S. Government or U.S. Government contractor
employees. Keys or combinations to locks controlling entrance to
U.S.-controlled spaces must be under the exclusive control of U.S. persons
who are U.S. Government or U.S. Government contractor employees.

U.S. person  U.S. citizen or a permanent resident alien, an unincorporated
association substantially composed of U.S. citizens or permanent resident
aliens, or a corporation incorporated in U.S., except for a corporation
directed and controlled by a foreign government or governments.


V

validation  Process of applying specialized security test and evaluation
procedures, tools, and equipment needed to establish acceptance for joint
usage of an IS by one or more departments or agencies and their
contractors.

variant  One of two or more code symbols having the same plain text
equivalent.

verification  Process of comparing two levels of an IS specification for
proper correspondence (e.g., security policy model with top-level
specification, top-level specification with source code, or source code
with object code).

verified design (C.F.D.)  Computer protection class in which formal
security verification methods are used to assure mandatory and
discretionary security controls can effectively protect classified and
sensitive information stored in, or processed by, the system. Class A1
system is verified design.

virtual password (C.F.D.)  IS password computed from a passphrase meeting
the requirements of password storage (e.g., 64 bits).

virtual private network (VPN)  Protected IS link utilizing tunneling,
security controls (see information assurance), and end-point address
translation giving the impression of a dedicated line.

virus  Self-replicating, malicious code that attaches itself to an
application program or other executable system component and leaves no
obvious signs of its presence.

vulnerability  Weakness in an IS, system security procedures, internal
controls, or implementation that could be exploited.

vulnerability analysis  Examination of information to identify the elements
comprising a vulnerability.

vulnerability assessment  Formal description and evaluation of
vulnerabilities of an IS.


W

work factor  Estimate of the effort or time needed by a potential
perpetrator, with specified expertise and resources, to overcome a
protective measure.

worm  See malicious code.

write  Fundamental operation in an IS that results only in the flow of
information from a subject to an object. See access type.

write access  Permission to write to an object in an IS.


Z

zero fill  To fill unused storage locations in an IS with the
representation of the character denoting "0."

zeroize  To remove or eliminate the key from a crypto-equipment or fill
device.

zone of control  Synonymous with inspectable space.


SECTION II

COMMONLY  USED  ABBREVIATIONS  AND  ACRONYMS 


ACL 

Access  Control  List 

ACO 

Access  Control  Officer 

ADM  (C.F.D.) 

Advanced  Development  Model 

AE  (C.F.D.) 

Application  Entity 

AIG 

Address  Indicator  Group 

AIN 

Advanced  Intelligence  Network 

AIRK  (C.F.D.) 

Area Interswitch Rekeying Key

AJ (C.F.D.)

Anti-Jamming

AK 

Automatic  Remote  Rekeying 

AKDC  (C.F.D.) 

Automatic  Key  Distribution  Center 

AKD/RCU 

Automatic Key Distribution/Rekeying Control Unit

AKMC (C.F.D.)

Automated Key Management Center

AKMS (C.F.D.)

Automated  Key  Management  System 

ALC 

Accounting  Legend  Code 

AMS 

1. Auto-Manual System

2.  Autonomous  Message  Switch 

ANDVT 

Advanced  Narrowband  Digital  Voice  Terminal 

ANSI 

American  National  Standards  Institute 

AOSS  (C.F.D.) 

Automated  Office  Support  Systems 

APC 

Adaptive  Predictive  Coding 

APU 

Auxiliary  Power  Unit 

ARPANET (C.F.D.)

Advanced Research Projects Agency Network

ASCII

American Standard Code for Information Interchange

ASPJ (C.F.D.)

Advanced Self-Protection Jammer

ASSIST Program

Automated Information System Security Incident Support Team

ASU (C.F.D.)

Approval for Service Use

ATM

Asynchronous Transfer Mode

AUTODIN

Automatic Digital Network

AV (C.F.D.)

Auxiliary Vector

AVP

Authorized Vendor Program

C2

1. Command and Control

2. Controlled Access Protection (C.F.D.)

C3

Command, Control, and Communications

C3I

Command, Control, Communications and Intelligence

C4

Command, Control, Communications and Computers

CA

1. Controlling Authority

2. Cryptanalysis

3. COMSEC Account

4. Command Authority

5. Certification Authority

C&A

Certification and Accreditation

CAW

Certificate Authority Workstation

CCEP

Commercial COMSEC Endorsement Program

CCI

Controlled Cryptographic Item

CCO

Circuit Control Officer

CDS (C.F.D.)

Cryptographic Device Services

CEOI

Communications Electronics Operating Instruction

CEPR

Compromising  Emanation  Performance 
Requirement 

CER 

1. Cryptographic Equipment Room

2.  Communication  Equipment  Room 

CERT 

Computer  Security  Emergency  Response  Team 

CFD 

Common  Fill  Device 

CIAC 

Computer  Incident  Assessment  Capability 

CIK 

Crypto-Ignition  Key 

CIP  (C.F.D.) 

Crypto-Ignition  Plug 

CIRK  (C.F.D.) 

Common Interswitch Rekeying Key

CIRT 

Computer  Security  Incident  Response  Team 

CK  (C.F.D.) 

Compartment  Key 

CKG 

Cooperative  Key  Generation 

CMCS 

COMSEC  Material  Control  System 

CNA 

Computer  Network  Attack 

CNCS  (C.F.D.) 

Cryptonet  Control  Station 

CND 

Computer  Network  Defense 

CNK  (C.F.D.) 

Cryptonet  Key 

COMPUSEC 

Computer  Security 

COMSEC 

Communications  Security 

CONOP 

Concept  of  Operations 

COR 

1.  Central  Office  of  Record  (COMSEC) 

2.  Contracting  Officer  Representative 

COTS 

Commercial-off-the-shelf 

CPS  (C.F.D.) 

COMSEC  Parent  Switch 

CPU

Central Processing Unit

CRL

Certificate Revocation List

CRP (C.F.D.)

COMSEC Resources Program (Budget)

Crypt/Crypto

Cryptographic-related

CSE

Communications Security Element

CSS

1. COMSEC Subordinate Switch

2. Constant Surveillance Service (Courier)

3. Continuous Signature Service (Courier)

4. Coded Switch System

CSSO

Contractor Special Security Officer

CSTVRP

Computer Security Technical Vulnerability Report Program

CTAK

Cipher Text Auto-Key

CT&E

Certification Test and Evaluation

CTTA

Certified TEMPEST Technical Authority

CUP

COMSEC Utility Program

DAA

1. Designated Approving Authority

2. Designated Accrediting Authority

3. Delegated Accrediting Authority

DAC

Discretionary Access Control

DAMA

Demand Assigned Multiple Access

DCID

Director Central Intelligence Directive

DCS

1. Defense Communications System

2. Defense Courier Service

DCSP (C.F.D.)

Design Controlled Spare Part(s)

DDS

Dual Driver Service (courier)

DES

Data Encryption Standard

DIB (C.F.D.)

Directory Information Base

DISN

Defense Information System Network

DITSCAP

DoD Information Technology Security Certification and Accreditation Process

DoD TCSEC (C.F.D.)

Department of Defense Trusted Computer System Evaluation Criteria

DLED (C.F.D.)

Dedicated Loop Encryption Device

DMA

Direct Memory Access

DMS

Defense Message System

DPL (C.F.D.)

Degausser Products List (a section in the
INFOSEC Products and Services Catalogue)

DSA

Digital Signature Algorithm

DSN

Defense Switched Network

DSVT

Digital Subscriber Voice Terminal

DTLS

Descriptive Top-Level Specification

DTD

Data Transfer Device

DTS

Diplomatic Telecommunications Service

DUA

Directory User Agent

EAM

Emergency Action Message

ECCM

Electronic Counter-Countermeasures

ECM

Electronic Countermeasures

ECPL

Endorsed Cryptographic Products List
(a section in the Information Systems
Security Products and Services Catalogue)

EDAC

Error Detection and Correction

EDESPL (C.F.D.)

Endorsed Data Encryption Standard Products List

EDM (C.F.D.)

Engineering Development Model

EFD

Electronic Fill Device

EFTO

Encrypt For Transmission Only

EGADS (C.F.D.)

Electronic  Generation,  Accounting,  and 
Distribution  System 

EKMS 

Electronic  Key  Management  System 

ELINT 

Electronic  Intelligence 

ELSEC  (C.F.D.) 

Electronic  Security 

E  Model 

Engineering  Development  Model 

EMSEC  (C.F.D.) 

Emissions  Security 

EPL 

Evaluated  Products  List  (a  section  in  the 
INFOSEC  Products  and  Services  Catalogue) 

ERTZ 

Equipment  Radiation  TEMPEST  Zone 

ETL  (C.F.D.) 

Endorsed  Tools  List 

ETPL 

Endorsed  TEMPEST  Products  List 

EUCI  (C.F.D.) 

Endorsed  for  Unclassified  Cryptographic 
Information 

EV  (C.F.D.) 

Enforcement  Vector 

FDDI  (C.F.D.) 

Fiber  Distributed  Data  Interface 

FDIU 

Fill  Device  Interface  Unit 

FIPS 

Federal  Information  Processing  Standard 

FOCI 

Foreign  Owned,  Controlled  or  Influenced 

FOUO 

For  Official  Use  Only 

FSRS 

Functional  Security  Requirements  Specification 

FSTS 

Federal  Secure  Telephone  Service 

FTS 

Federal  Telecommunications  System 

FTAM 

File  Transfer  Access  Management 

FTLS 

Formal  Top-Level  Specification 

GCCS 

Global Command and Control System

GETS

Government  Emergency  Telecommunications 
Service 

GPS 

Global  Positioning  System 

GTS 

Global  Telecommunications  Service 

GWEN 

Ground  Wave  Emergency  Network 

HDM  (C.F.D.) 

Hierarchical  Development  Methodology 

HUS  (C.F.D.) 

Hardened  Unique  Storage 

HUSK  (C.F.D.) 

Hardened  Unique  Storage  Key 

IA 

Information  Assurance 

I&A 

Identification  and  Authentication 

IBAC 

Identity  Based  Access  Control 

ICU 

Interface  Control  Unit 

IDS 

Intrusion  Detection  System 

IEMATS 

Improved  Emergency  Message  Automatic 
Transmission  System 

IFF 

Identification,  Friend  or  Foe 

IFFN 

Identification,  Friend,  Foe,  or  Neutral 

IIRK  (C.F.D.) 

Interarea  Interswitch  Rekeying  Key 

ILS 

Integrated  Logistics  Support 

INFOSEC 

Information  Systems  Security 

IO 

Information  Operations 

IP 

Internet  Protocol 

IPM 

Interpersonal  Messaging 

IPSO 

Internet  Protocol  Security  Option 

IR  (C.F.D.) 

Information  Ratio 

IRK  (C.F.D.) 

Interswitch Rekeying Key

IS

Information  System 

ISDN 

Integrated  Services  Digital  Network 

ISO 

International  Standards  Organization 

ISS  (C.F.D.) 

Information  Systems  Security 

ISSE 

Information  Systems  Security  Engineering 

ISSM 

Information  Systems  Security  Manager 

ISSO 

Information  Systems  Security  Officer 

IT 

Information  Technology 

ITAR 

International  Traffic  in  Arms  Regulation 

ITSEC 

Information Technology Security Evaluation Criteria

KAK 

Key-Auto-Key 

KDC 

Key  Distribution  Center 

KEK 

Key  Encryption  Key 

KG 

Key  Generator 

KMASE  (C.F.D.) 

Key  Management  Application  Service  Element 

KMC 

Key  Management  Center 

KMID 

Key  Management  Identification  Number 

KMODC 

Key  Management  Ordering  and  Distribution  Center 

KMP 

Key  Management  Protocol 

KMPDU  (C.F.D.) 

Key  Management  Protocol  Data  Unit 

KMS 

Key  Management  System 

KMSA  (C.F.D.) 

Key  Management  System  Agent 

KMUA  (C.F.D.) 

Key  Management  User  Agent 

KP 

Key Processor

KPK

Key  Production  Key 

KSD 

Key  Storage  Device 

KSOS  (C.F.D.) 

Kernelized Secure Operating System

KVG  (C.F.D.) 

Key  Variable  Generator 

LEAD 

Low-Cost Encryption/Authentication Device

LEAF  (C.F.D.) 

Law  Enforcement  Access  Field 

LKG  (C.F.D.) 

Loop  Key  Generator 

LMD 

Local  Management  Device 

LMD/KP 

Local  Management  Device/Key  Processor 

LME  (C.F.D.) 

Layer  Management  Entry 

LMI  (C.F.D.) 

Layer  Management  Interface 

LOCK 

Logical  Co-Processing  Kernel 

LPC 

Linear  Predictive  Coding 

LPD 

Low  Probability  of  Detection 

LPI 

Low  Probability  of  Intercept 

LRIP 

Limited  Rate  Initial  Preproduction 

LSI 

Large  Scale  Integration 

MAC 

1. Mandatory Access Control

2.  Message  Authentication  Code 

MAN 

1. Mandatory Modification

2.  Metropolitan  Area  Network 

MATSYM  (C.F.D.) 

Material  Symbol 

MCCB  (C.F.D.) 

Modification/Configuration  Control  Board 

MDC  (C.F.D.) 

Manipulation  Detection  Code 

MEECN  (C.F.D.) 

Minimum  Essential  Emergency  Communications 
Network

MEP (C.F.D.)

Management Engineering Plan

MER

Minimum Essential Requirements

MHS

Message Handling System

MI

Message Indicator

MIB

Management Information Base

MIJI (C.F.D.)

Meaconing, Intrusion, Jamming, and Interference

MINTERM

Miniature Terminal

MISSI

Multilevel Information Systems Security Initiative

MLS

Multilevel Security

MRT (C.F.D.)

Miniature Receiver Terminal

MSE

Mobile Subscriber Equipment

NACAM

National COMSEC Advisory Memorandum

NACSI

National COMSEC Instruction

NACSIM

National COMSEC Information Memorandum

NAK

Negative Acknowledge

NCCD

Nuclear Command and Control Document

NCS

1. National Communications System

2. National Cryptologic School

3. Net Control Station

NCSC

National Computer Security Center

NISAC

National Industrial Security Advisory Committee

NIST

National Institute of Standards and Technology

NKSR (C.F.D.)

Nonkernel Security Related

NLZ

No-Lone Zone

NSA

National Security Agency

NSAD (C.F.D.)

Network Security Architecture and Design

NSD

National  Security  Directive 

NSDD 

National  Security  Decision  Directive 

NSEP 

National  Security  Emergency  Preparedness 

NSI 

National  Security  Information 

NSO  (C.F.D.) 

Network  Security  Officer 

NSTAC 

National  Security  Telecommunications 
Advisory  Committee 

NSTISSAM 

National Security Telecommunications and
Information Systems Security
Advisory/Information Memorandum

NSTISSC 

National  Security  Telecommunications  and 
Information Systems Security Committee

NSTISSD 

National  Security  Telecommunications  and 
Information  Systems  Security  Directive 

NSTISSI 

National  Security  Telecommunications  and 
Information  Systems  Security  Instruction 

NSTISSP 

National  Security  Telecommunications  and 
Information  Systems  Security  Policy 

NTCB 

Network  Trusted  Computing  Base 

NTIA 

National Telecommunications and Information
Administration

NTISSAM 

National  Telecommunications  and  Information 
Systems Security Advisory/Information
Memorandum 

NTISSD 

National  Telecommunications  and  Information 
Systems  Security  Directive 

NTISSI 

National  Telecommunications  and  Information 
Systems  Security  Instruction 

NTISSP 

National  Telecommunications  and  Information 
Systems  Security  Policy 

OADR 

Originating Agency’s Determination Required

OPCODE

Operations  Code 

OPSEC 

Operations  Security 

ORA 

Organizational  Registration  Authority 

OTAD 

Over-the-Air  Key  Distribution 

OTAR 

Over-the-Air  Rekeying 

OTAT 

Over-the-Air  Key  Transfer 

OTP 

One-Time  Pad 

OTT 

One-Time  Tape 

PAA 

Policy  Approving  Authority 

PAAP  (C.F.D.) 

Peer  Access  Approval 

PAE  (C.F.D.) 

Peer  Access  Enforcement 

PAL 

Permissive  Action  Link 

PC 

Personal  Computer 

PCA 

Policy  Certification  Authority 

PCMCIA 

Personal  Computer  Memory  Card  International 
Association 

PCZ  (C.F.D.) 

Protected  Communications  Zone 

PDR 

Preliminary  Design  Review 

PDS 

1.  Protected  Distribution  Systems 

2.  Practices  Dangerous  to  Security 

PDU  (C.F.D.) 

Protocol  Data  Unit 

PES 

Positive  Enable  System 

PKA  (C.F.D.) 

Public  Key  Algorithm 

PKC 

Public  Key  Cryptography 

PKI 

Public  Key  Infrastructure 

PKSD 

Programmable Key Storage Device

P model

Preproduction  Model 

PNEK 

Post-Nuclear  Event  Key 

PPL 

Preferred  Products  List  (a  section  in  the  INFOSEC 
Products  and  Services  Catalogue) 

PRBAC  (C.F.D.) 

Partition  Rule  Base  Access  Control 

PROM 

Programmable  Read-Only  Memory 

PROPIN 

Proprietary  Information 

PSL  (C.F.D.) 

Protected  Services  List 

PWDS 

Protected  Wireline  Distribution  System 

RACE  (C.F.D.) 

Rapid  Automatic  Cryptographic  Equipment 

RAMP 

Rating  Maintenance  Program 

RQT  (C.F.D.) 

Reliability  Qualification  Tests 

SA 

System  Administrator 

SABI 

Secret  and  Below  Interoperability 

SAO 

Special  Access  Office 

SAP 

1. System Acquisition Plan

2.  Special  Access  Program 

SARK 

SAVILLE  Advanced  Remote  Keying 

SBU 

Sensitive  But  Unclassified 

SCI 

Sensitive  Compartmented  Information 

SCIF 

Sensitive  Compartmented  Information  Facility 

SDNRIU  (C.F.D.) 

Secure  Digital  Net  Radio  Interface  Unit 

SDNS 

Secure  Data  Network  System 

SDR 

System  Design  Review 

SFA 

Security  Fault  Analysis 

SHA 

Secure Hash Algorithm

SFUG

Security  Features  Users  Guide 

SI 

Special  Intelligence 

SIGSEC  (C.F.D.) 

Signals  Security 

SISS 

Subcommittee  on  Information  Systems  Security 

SMU 

Secure  Mobile  Unit 

SPK 

Single  Point  Key(ing) 

SPS  (C.F.D.) 

Scratch  Pad  Store 

SRA  (C.F.D.) 

Sub-Registration  Authority 

SRR 

Security  Requirements  Review 

SSO 

Special  Security  Officer 

SSP 

System  Security  Plan 

ST&E 

Security  Test  and  Evaluation 

STE 

Secure  Terminal  Equipment 

STS 

Subcommittee  on  Telecommunications  Security 

STU 

Secure  Telephone  Unit 

TA 

Traffic  Analysis 

TACTED  (C.F.D.) 

Tactical  Trunk  Encryption  Device 

TACTERM 

Tactical  Terminal 

TAG 

TEMPEST  Advisory  Group 

TCB 

Trusted  Computing  Base 

TCD  (C.F.D.) 

Time  Compliance  Data 

TCSEC  (C.F.D.) 

DoD  Trusted  Computer  System  Evaluation  Criteria 

TD  (C.F.D.) 

Transfer  Device 

TED 

Trunk  Encryption  Device 

TEK 

Traffic Encryption Key

TEP

TEMPEST  Endorsement  Program 

TFM 

Trusted  Facility  Manual 

TFS 

Traffic  Flow  Security 

TLS 

Top-Level  Specification 

TNI  (C.F.D.) 

Trusted  Network  Interpretation 

TNIEG (C.F.D.)

Trusted  Network  Interpretation  Environment 
Guideline 

TPC 

Two-Person  Control 

TPEP 

Trusted  Products  Evaluation  Program 

TPI 

Two-Person  Integrity 

TRANSEC 

Transmission  Security 

TRB 

Technical  Review  Board 

TRI-TAC 

Tri-Service  Tactical  Communications  System 

TSCM 

Technical  Surveillance  Countermeasures 

TSEC 

Telecommunications  Security 

TSK  (C.F.D.) 

Transmission  Security  Key 

UA 

User  Agent 

UIRK  (C.F.D.) 

Unique  Interswitch  Rekeying  Key 

UIS 

User  Interface  System 

UPP 

User  Partnership  Program 

USDE (C.F.D.)

Undesired  Signal  Data  Emanations 

V model (C.F.D.)

Advanced  Development  Model 

VPN 

Virtual  Private  Network 

XDM/X Model (C.F.D.)

Experimental Development Model/Exploratory
Development Model